CVE-2026-4873
ADVISORY - ubuntuSummary
A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If an initial transfer is made in clear-text (via IMAP, SMTP, or POP3), a subsequent request to that same host bypasses the TLS requirement and instead transmit data unencrypted.
EPSS Score: 0.00014 (0.026)
Common Weakness Enumeration (CWE)
ADVISORY - nist
ADVISORY - redhat
Cleartext Transmission of Sensitive Information
Ubuntu
CREATED
UPDATED
ADVISORY IDCVE-2026-4873
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/Alow| Package | Type | OS Name | OS Version | Affected Ranges | Fix Versions |
|---|---|---|---|---|---|
| ubuntu/curl | deb | ubuntu | 24.04 | <8.5.0-2ubuntu10.9 | 8.5.0-2ubuntu10.9 |
| ubuntu/curl | deb | ubuntu | 22.04 | <7.81.0-1ubuntu1.24 | 7.81.0-1ubuntu1.24 |
Severity and metrics
No CVSS data available from this advisory.
NIST
CVSS SCORE
5.9mediumAlpine
CREATED
UPDATED
ADVISORY IDCVE-2026-4873
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Debian
CREATED
UPDATED
ADVISORY IDCVE-2026-4873
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Red Hat
CREATED
UPDATED
ADVISORY IDCVE-2026-4873
EXPLOITABILITY SCORE
1.6
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
5.3mediumPhoton
CREATED
UPDATED
ADVISORY ID
CVE-2026-4873
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
5.9mediumminimos
CREATED
UPDATED
ADVISORY ID
MINI-4fvj-7j6r-cfpg
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
minimos
CREATED
UPDATED
ADVISORY ID
MINI-749q-8cfx-fw4g
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-